Agreed. Even the so-called "Web Intelligence" generates false positives like crazy. Have someone type PS in a form, as in "ps don't forget about the meeting tomorrow" and the POS blocks it as command injection (the Linux "ps" command). It seems to have only rudimentary, if any, sense of the context of how something is used.
If you're just looking for something to block basic attacks and don't need tight controls, look at dotDefender from www.applicure.com . It works as an ISAPI plug-in on Windows or as a shared object on Apache. If you need tight controls, for example the need to whitelist what can get entered into fields, look at SecureSphere from www.imperva.com . It's an appliance that runs in bridge mode between the Internet and the web servers. If the web server is linked to a database on a different network, as it should be, putting the Imperva SecureSphere appliance in allows it to see web traffic to and from the web server AND allows it to see database traffic between the web server and the back-end database. If you buy the appropriate licenses, it can then act as a database activity monitor and as a database firewall. Ray > Date: Sun, 24 Oct 2010 12:49:22 +0300 > From: eu...@imacandi.net > Subject: Re: [FW-1] SQL injection protection > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > > On Sun, Oct 24, 2010 at 09:23, a bv <vbavbal...@gmail.com> wrote: > > Hi, > > > > What are the best practices for monitoring/preventing SQL injection > > attacks with R70's IPS/R65's Smartdefense and tuning false positives? > > You don't. You use something dedicated for that. > > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================